With the growing use of AI in litigation and number of data storage locations, the process of ediscovery gets increasingly more complex and must be more agile, comprehensive, and integrated. The tools legal professionals need in today’s digital environment necessitate using advanced tools such as AI to locate the relevant data quickly and securing data in a way that complies with myriad regulations and major challenges.

To help you secure data and address your needs efficiently in the age of AI, we’re making it easier to safeguard and manage compliance of data using generative AI tools. Recent advanced capabilities of Microsoft Purview eDiscovery are aimed at giving you the advantage. If you’re attending the Legalweek conference in New York City from January 29 to February 1, 2024, we’d love to connect. Read on for an overview of what you can expect our experts to discuss, and keep scrolling for sessions and other ways to connect with us at Legalweek.

Microsoft at Legalweek: How generative AI helps address eDiscovery challenges

Microsoft is continuously innovating to ensure our solutions help organizations achieve their objectives, and Microsoft Purview is no exception. We are committed to enhancing Microsoft Purview for an improved overall user experience. Offering the advantages of AI is a further step toward this commitment. In November 2023, we announced new features and capabilities of Microsoft Purview eDiscovery harnessing Microsoft Security Copilot.

The latest release of eDiscovery enables the search, discovery, preservation, review, and export of Copilot interactions in Microsoft 365 across Word, Excel, PowerPoint, Microsoft Teams, and other applications. This boosts the efficiency of eDiscovery—an essential tool that allows you to search for evidence and gain an understanding of what occurred for informed decision-making.

Here are two advantages of the combination of eDiscovery and generative AI for legal professionals:

Efficient handling of massive datasets

The volume of data produced in litigation necessitates a solution that can keep up. Microsoft Purview eDiscovery features intelligent, machine learning capabilities to make it easier to locate the most relevant items for review, and help you get started quickly.

Two new Copilot capabilities in Microsoft Purview help you better manage huge datasets by helping you to:

• Accelerate and refine your search: A successful investigation relies on an accurate search but query-building can be challenging. Creating a query in Keyword Query Language (KQL) can be time-consuming. Soon available in preview, a new capability lets you provide a prompt in natural language and Copilot will translate the query into KQL.
• Accelerate and navigate your investigation: Based on conversations with our customers, eDiscovery admins and managers spent 60% of their time reviewing evidence collected in review sets. Soon in preview, a new capability lets you generate document summaries and walks you through your investigation with guided prompts.   

Compliance with constantly changing regulations

Integrating AI technology like Microsoft Security Copilot into your existing eDiscovery workflows gives you more careful accounting of your sensitive or confidential information or evidence of intellectual property. This makes it much easier to satisfy the numerous regulations that dictate how data can be collected, stored, used, and managed.

Microsoft Purview makes it easy to comply by providing tools for data risk identification and regulatory requirement management. In addition, this solution features expanded risk detections gathering signals from infrastructure clouds and third-party apps, including Amazon Web Services (AWS), Box, Dropbox, and GitHub.

Compliance is also easier because the solution allows you to:

• Ensure more consistent protections regardless of data type.
• Discover, label, and classify data across sources, including Microsoft Fabric, Microsoft Azure, and AWS.
• Restrict access to sensitive data (determined by labels or roles).
• Detect business violations.
• Gain visibility into generative AI app usage.

Mark your calendar for these Legalweek sessions

There’s more we’ll cover at Legalweek 2024. During three sessions, Microsoft experts and legal experts will provide a glimpse at the current cybersecurity challenges in the legal sector as well as share strategies to tackle these challenges with modern cybersecurity and technology solutions.

The Microsoft sessions at Legalweek are:

Connect with Microsoft at Legalweek

If you seek strategies for safeguarding and managing the compliance of your data, check out one or more of our sessions at Legalweek. Throughout the conference, you can also interact with our Microsoft experts directly in a few ways:

• Stop by Booth #3105 in Americas Hall 2 to learn how Microsoft solutions can address your challenges.
• Request to attend the Executive Breakfast on Tuesday, January 30, 2024.
• Request dedicated time with our eDiscovery experts, who will be available between 9:00 AM ET and 5:00 PM ET, Monday, January 29, 2024, through Thursday, February 1, 2024. We’d love to connect. Hope to see you there!

Learn more

Learn more about Microsoft Purview eDiscovery.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹New report on ChatGPT & generative AI in law firms shows opportunities abound, even as concerns persist, Thomson Reuters. April 17, 2023.

The post Microsoft at Legalweek: Secure data and gain efficiencies with Microsoft Purview eDiscovery enhanced by generative AI appeared first on Microsoft Security Blog.

As many of you look to AI transformation to drive the next wave of innovation, you now also need to account for data being both consumed and created by generative AI applications. The risks that come with implementing and deploying AI are not fully known, and it is only a matter of time before you start to see broader regulatory policies on AI. According to Gartner®, by 2027 at least one global company will see its AI deployment banned by a regulator for noncompliance with data protection or AI governance legislation.² AI will be a catalyst for regulatory changes, and having secure and compliant AI will become fundamental.

With these trends converging all at once, securing and governing all your data is a complex and multifaceted undertaking. You need to secure and govern different types of data (structured, unstructured, and data generated by AI). You need to secure and govern it in different locations across multiple clouds, and you need to account for existing and future data security, governance, and AI regulations.

Most organizations experience an average of 59 data security incidents per year and use an average of 10 solutions to secure their data estate.¹ This fragmented approach requires many of you to stitch together multiple tools to address data security and governance, which can lead to higher costs and difficulty in both procurement and management. The lack of integration between the disparate tools can cause unnecessary data transfers, duplicate copies of data, redundant alerts, siloed investigations, and exposure gaps that lead to new types of data risks and ultimately worse security outcomes.

A simpler approach: Microsoft Purview

To address these challenges, you need a simplified approach to data security, governance, and compliance that covers your entire data estate. Microsoft Purview is an integrated solution that helps you understand, secure, and manage your data—and delivers one unified experience for our customers.

With Microsoft Purview, you can:

• Gain end-to-end visibility and understanding of your entire data estate, across on-premises, multicloud, and software as a service (SaaS) environments, and for structured, unstructured, and data created by generative AI applications.
• Apply comprehensive data protection across your data estate, using AI-powered data classification technology, data maps, extensive audit logs and signals, and management experience.
• Improve your risk and compliance posture with tools to identify data risk and manage regulatory requirements.

Microsoft Purview

Help keep your organization’s data safe with a range of solutions for unified data security, data governance, and risk and compliance management.

What’s new in Microsoft Purview?

In this blog post, we will outline some of the exciting new capabilities for Microsoft Purview that we announced at Microsoft Ignite 2023.

Expanding data protection across the data estate

As we unveiled earlier this year, Microsoft Purview is expanding the sphere of protection across your entire data estate, including structured and unstructured data types. We are excited to share some of the next steps in that journey by providing you with:

• A unified platform that enables you to discover, label, and classify data across various data sources, including Microsoft Fabric, Microsoft Azure, Amazon Web Services (AWS), and other cloud environments.
• Consistent protections across structured and unstructured data types such as Azure SQL, Azure Data Lake Storage (ADLS), and Amazon S3 buckets.  
• Expanded risk detections enabling signals from infrastructure clouds and third-party apps such as AWS, Box, DropBox, and GitHub.

With these capabilities, you can gain visibility across your data estate, apply consistent controls, and ensure that your data is protected and compliant across a larger digital landscape. For example, you can scan and label your data in Microsoft Azure SQL, Azure Data Lake Storage, and Amazon S3 buckets, and enforce policies that restrict access to sensitive data based on data labels or user roles from one control plane—just like you do for Microsoft 365 sources. Check out this short Microsoft Mechanics video covering an end-to-end scenario. To learn more, we invite you to read the “Expanding data protection” blog.

Securing AI with Microsoft Purview

We are committed to helping you protect and govern your data, no matter where it lives or travels. Building on this vision, Microsoft Purview enables you to protect your data across all generative AI applications—Microsoft Copilots, custom AI apps built by your organization, as well as more than 100 commonly used consumer AI apps such as OpenAI’s ChatGPT, Bard, Bing Chat, and more.³ We announced a set of capabilities in Microsoft Purview to help you secure your data as you leverage generative AI. Microsoft Purview will provide you with:

• Comprehensive visibility into the usage of generative AI apps, including sensitive data usage in AI prompts and total number of users interacting with AI. To enable customers to get these insights, we announced preview of AI hub in Microsoft Purview.
• Extensive protection with ready-to-use and customizable policies to prevent data loss in AI prompts and protect AI responses. Customers can now get additional data security capabilities such as sensitivity label citation and inheritance when interacting with Copilot for Microsoft 365 and prevent their users from pasting sensitive information in consumer generative AI applications.
• Compliance controls to help detect business violations and easily meet regulatory requirements with compliance management capabilities for Copilot for Microsoft 365.

Copilot for Microsoft 365 is built on our security, compliance, privacy, and responsible AI framework, so it is enterprise ready. With these Microsoft Purview capabilities, you can strengthen the data security and compliance for Copilot. The protection and compliance capabilities for Copilot are generally available, and you can start using them today. To learn more, read the Securing AI with Microsoft Purview blog.

Supercharge security and compliance effectiveness with Microsoft Security Copilot in Microsoft Purview

Microsoft Purview capabilities for Microsoft Security Copilot are now available in preview. With these capabilities you can empower your security operations center (SOC) teams, your data security teams, and your compliance teams to address some of their biggest obstacles. Your SOC teams can use the standalone Security Copilot experience to analyze signals across Microsoft Defender, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, and Microsoft Purview into a single pane of glass. Your data security and compliance teams can use the embedded experiences in Microsoft Purview for real-time analysis, summarization, and natural language search, for data security and compliance built directly into your investigation workflows.

Microsoft Purview capabilities in Security Copilot

To help your SOC team gain comprehensive insights across your security data, Microsoft Purview capabilities in Security Copilot will provide your team with data and user risk insights, identifying specific data assets that were targeted in an incident and users involved to understand an incident end to end. For example, in the case of a ransomware attack, you can leverage user risk insights to identify the source of the attack, such as a user visiting a website known to host malware, and then leverage data risk insights to understand which sensitive files that user has access to that may be held for ransom.

Security Copilot embedded in Microsoft Purview

We’ve also embedded Security Copilot into Microsoft Purview solutions to help with your data security and compliance scenarios. You can now leverage real-time guidance, summarization capabilities, and natural language support to catch what others miss, accelerate investigation, and strengthen your team’s expertise. Here’s where these capabilities will light up:

• Summarize alerts in Microsoft Purview Data Loss Prevention: Investigations can be overwhelming for data security admins due to the large number of sources to analyze and varying policy rules. To help alleviate these challenges, Security Copilot is now natively embedded in Data Loss Prevention to provide a quick summary of alerts, including the source, attributed policy rules, and user risk insights from Microsoft Purview Insider Risk Management. This summary helps admins understand what sensitive data was leaked and associated user risk, providing a better starting point for further investigation. Learn more in our Microsoft Purview Data Loss Prevention announcement.
• Summarize alerts in Microsoft Purview Insider Risk Management: Insider Risk Management provides comprehensive insights into risky user activities that may lead to potential data security incidents. To accelerate investigations, Security Copilot in Insider Risk Management summarizes alerts to provide context into user intent and timing of risky activities. These summaries enable admins to tailor investigations with specific dates in mind and quickly pinpoint sensitive files at risk. Learn more in our Microsoft Purview Insider Risk Management announcement.
• Contextual summary of communications in Microsoft Purview Communication Compliance: Organizations are subject to regulatory obligations related to business communications, requiring compliance investigators to review lengthy communication violations. Security Copilot in Communication Compliance helps summarize alerts and highlights high-risk communications that may lead to a data security incident or business conduct violation. Contextual summaries help you evaluate the content against regulations or corporate policies, such as gifts and entertainment and stock manipulation violations. Learn more in our Microsoft Purview Communication Compliance announcement.
• Contextual summary of documents in review sets in Microsoft Purview eDiscovery: Legal investigations can take hours, days, even weeks to sift through the list of evidence collected in review sets. This often requires costly resources like outside council to manually go through each document to determine the relevancy to the case. To help customers address this challenge, we are excited to introduce Security Copilot in eDiscovery. This powerful tool generates quick summaries of documents in a review set, helping you save time and conduct investigations more efficiently. Learn more in our Microsoft Purview eDiscovery announcement.
• Natural language to keyword query language in eDiscovery: Search is a difficult and time-intensive workflow in eDiscovery investigations, traditionally requiring input of a query in keyword query language. Security Copilot in eDiscovery now offers natural language to keyword query language capabilities, allowing users to provide a search prompt in natural language to expedite the start of the search. This empowers analysts at all levels to conduct advanced investigations that would otherwise require keyword query language expertise. Learn more in our Microsoft Purview eDiscovery blog.

To learn more about Security Copilot and Microsoft Purview, read our Microsoft Security Copilot in Microsoft Purview blog.

Additional product updates

New Microsoft Purview Communications Compliance capabilities

Copilot for Microsoft 365 support introduces an advanced level of detection within Communication Compliance, allowing organizations to identify and flag risky communication, regardless of source. Investigative scenarios across various Microsoft applications, including Outlook, Microsoft Teams, and more, showcase the precision of this feature, identifying patterns, keywords, and sensitive information types. With additional features for policy creation and user privacy protection, administrators can also fine-tune their management strategy, ensuring secure, compliant, and respectful communications. Integration with Security Copilot further enhances data security and regulatory adherence, providing concise contextual summaries for swift investigation and remediation. Leveraging AI technology, Communication Compliance detects and categorizes content, prioritizing content that requires immediate attention. Reporting inappropriate content within Microsoft Viva Engage and ensuring compliance in Microsoft Teams meetings further strengthens the multilayered compliance defense. Stay ahead of compliance challenges and embrace these innovative features to secure, comply, and thrive in the digital age.

Learn more in our Microsoft Purview Communication Compliance announcement.

New to Information Protection in Microsoft Purview

As organizations prepare to use generative AI tools such as Copilot for Microsoft 365, leveraging Microsoft Purview Information Protection, discovery and labeling of sensitive data across the digital estate is now even more important than ever. New releases to Microsoft Purview Information Protection include intelligent advanced classification and labeling capabilities at an enterprise scale, contextual support for trainable classifiers that improve visibility into effectiveness and discoverability, better protection for important PDF files, secure collaboration on labeled and encrypted documents with user-defined permissions, as well support for Microsoft Fabric, Azure, and third-party clouds.

You can learn more about the new Information Protection capabilities in the Information Protection announcement.

New Microsoft Purview Data Loss Prevention capabilities

We are excited to announce a set of new capabilities in Microsoft Purview Data Loss Prevention (Purview DLP) that can help comprehensively protect your data and efficiently investigate DLP incidents. Our announcements can be grouped into three categories:

• Efficient investigation: Capabilities that empower admins by making their everyday tasks easier, including enriching DLP alerts with user activity insights from Insider Risk Management, DLP analytics to help find the biggest risk and recommendations to finetune DLP policies, and more.
• Strengthening protection: Capabilities that help protect numerous types of data and provide granular policy controls, including predicate consistency across workloads, enhancements to just-in-time protection for endpoints, support for optical character recognition (OCR), and performance improvements for DLP policy enforcements.
• Expanding protection: Capabilities that extend your protection sphere to cover your diverse digital estate, including support for Windows on ARM and several enhancements to macOS endpoints.

Purview DLP is easy to turn on; protection is built into Microsoft 365 apps and services as well as endpoint devices running on Windows 10 and 11, eliminating the need to set up agents on endpoint devices. 

Learn more in our Microsoft Purview DLP blog.

New Microsoft Purview Insider Risk Management and Adaptive Protection capabilities

To secure data in diverse digital landscapes, including cloud environments and AI tools, detecting and mitigating data security risks arising from insiders is a pivotal responsibility. At Microsoft Ignite, we made a few exciting announcements for Insider Risk Management and Adaptive Protection: 

• Intelligent detection across diverse digital estate: Insider Risk Management will now detect critical data security risks generated by insiders in AWS, Azure, and SaaS applications, including Box, Dropbox, Google Drive, and GitHub. Additionally, security teams can also gain visibility into AI usage with our new browsing to generative AI sites indicator.  
• Adaptive data security from risk detection to response: User context can help security teams make better data security decisions. Security teams can now gain user activity summary when a potential DLP incident is detected in Microsoft Purview DLP and Microsoft Defender portal. With this update and Adaptive Protection, user risk context is available from DLP incident detection to response, making data security more effective. In addition, security teams can now leverage human resources resignation date to define risk levels for Adaptive Protection, addressing common incidents, such as potential data theft from departing employees.  
• Streamlined admin experience for effective policies: To enable better policies management experience, Insider Risk Management will support admin units and provide recommended actions to fine tune policies and receive more high-fidelity alerts. 

Learn more details about all these announcements in our Microsoft Purview Insider Risk Management blog.  

Get started today

These latest announcements have been exciting additions to help you secure and govern your data, across your entire data estate in the era of AI. We invite you to learn more about Microsoft Purview and how it can empower you to protect and govern your data. Here are some resources to help you get started:

• Watch the Microsoft Purview on-demand sessions from Microsoft Ignite, outlined in this guide.
• Try Microsoft Purview for free.
• Read the Data Security Index report.
• Visit the Microsoft Purview website.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Data Security Index: Trends, insights, and strategies to secure data, October 2023.

²Gartner, Security Leader’s Guide to Data Security, Andrew Bales. September 7, 2023.

³Microsoft sets new benchmark in AI data security with Purview upgrades, VentureBeat. November 13, 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The post New Microsoft Purview features use AI to help secure and govern all your data appeared first on Microsoft Security Blog.

Attacks are quickly becoming more automated through AI-assisted tools. They are also increasing exponentially—the number of password attacks Microsoft detects has more than tripled in the last 12 months, from 1,287 per second to more than 4,000 per second.¹ Plus, the annual cost of cyberattacks continues to grow. According to the FBI Internet Crime Complaint Center’s (IC3) latest research, reported total losses grew from USD6.9 billion in 2021 to more than USD10.2 billion in 2022.² Such losses are even greater on a global scale. If organizations continue to operate within a fractured security state and only utilize what’s worked in the past, they will leave gaps in their security posture.

Now there is a unique opportunity to harness the power of AI in combination with an end-to-end security solution to build a resilient security posture with defenses that rapidly adapt. There has never been a more important time for specialized cybersecurity expertise, and our partners are critical to preparing customers for the era of AI. According to a Forrester Total Economic Impact study, Microsoft Security partners are realizing a significant increase in their business with more than 14 percent year-over-year growth.³ In small and medium businesses (SMBs), partners are seeing even more dramatic demand with more than 37 percent market expansion just this last year.

Today at Microsoft Inspire 2023, we will discuss AI-powered security during the “Springboard customers into the era of AI with end-to-end security” session. Also, you’ll have an opportunity to ask your most pressing questions at the expert Q&A.

Register for Microsoft Inspire to hear more details on our latest exciting announcements listed in this blog.

Microsoft Inspire 2023

Elevate your business by joining us for Microsoft Inspire, July 18 and 19, 2023, and learn how to accelerate AI transformation in your security practice.

Register now

Coming soon: Microsoft Security Copilot Early Access Program

We are extremely encouraged by the excitement and positive feedback we have received from customers and partners since we announced Microsoft Security Copilot—one of the first generative AI products in the security industry—in March 2023. This fall, we will open our Early Access Program and invite more customers and partners to experience Security Copilot. To help us focus our learning, customers who use Microsoft Defender for Endpoint will be prioritized for early access. Those who also use Microsoft Sentinel will get even more benefit from the program. Security Copilot is designed to work with a broad range of Microsoft and third-party tools, and we will expand the program as we learn.

Our preview is well underway, and the feedback from our preview customers shows that there’s every reason to be excited about the massive potential of this technology to help protect at machine speed and scale:

“Microsoft is spearheading a transformative shift in security operations center (SOC) processes and operations at a truly remarkable speed. By fully integrating these cutting-edge AI technologies, they are pioneering a leap so momentous that by December 2024, SOC operations from 2021 may seem prehistoric in comparison. The surge in productivity could be unparalleled. At Bridgewater, we are thrilled to be helping Microsoft on this voyage, collaboratively propelling Security Copilot’s full potential to the forefront of the industry.”

—Igor Tsyganskiy, President, Bridgewater

New: Security Copilot design advisory council

Today, we are officially kicking off our partner engagement to help you build your own solutions and services powered by Security Copilot. If you are a Microsoft partner, you can start today by helping customers deploy Microsoft Defender for Endpoint and Microsoft Sentinel so that they are prepared to adopt Microsoft Security Copilot. We are excited to join forces with our partners, including members of the Microsoft Intelligent Security Association. Here’s what a couple of our partners have shared already:

“When it comes to cybersecurity, threat actors are increasingly using AI to carry out sophisticated attacks, so why aren’t defenders? We are operating in an era where fighting AI with AI is non-negotiable. By partnering with Microsoft Security Copilot, we can help level the playing field for defenders together. Much of the AI universe sits behind Cloudflare, and acting as the intermediary to allow businesses to harness the power of this technology in a safe way is critical.”

—Matthew Prince, Chief Executive Officer, Cloudflare

“We believe that generative AI will be truly revolutionary and will allow us to become more effective and efficient, by orders of magnitude, in protecting our customers. We expect to see productivity increases from our SOC analysts using Security Copilot when dealing with scenarios like incident response and threat hunting and believe there is potential for upskilling effects, allowing any analyst to complete more advanced tasks quicker than ever before. We are proud to be on this journey with Microsoft and remain excited as they continue to add more compelling capabilities to Security Copilot.”

—Brian Beyer, Chief Executive Officer, Red Canary

“Building on our recent investment to expand and scale our AI offerings, we’re excited to team with Microsoft on bringing Security Copilot to our joint customers, augmenting their ability to predict—prevent—and rapidly respond to security threats. This will help empower all of our customers and provide new opportunities leveraging the responsible use of generative AI.”

—Sean Joyce, Global Cybersecurity and Privacy Leader, PwC

If you are interested in learning how to engage with your customers now to take full advantage of these new AI technologies, we invite you to sign up to receive communications and to be considered for our new Security Copilot design advisory council.

Investments in the managed security service provider community

According to Gartner®, “by 2025, 60 percent of organizations will be actively using remote threat disruption and containment capabilities delivered directly by MDR providers, up from 30 percent today.”⁴ 

To help meet the anticipated demand for these services, we are actively working to recruit more Managed Extended Detection and Response (MXDR) partners alongside our first-party offering. Microsoft is deeply committed to our partner community, and partners will always be the primary path for customers to get the services they need. We are increasing our overall investments for security partners by nearly 50 percent this coming year. A great example of this continued investment is the Microsoft engineering verified MXDR solution status that we launched for partners last year.

Making it easier to better protect small and medium businesses

Small and medium businesses are seeing more cyberattacks, with 82 percent of ransomware attacks targeting small businesses.⁵ Due to a lack of internal security specialists, these businesses often look to IT partners to help secure their IT environments.

We are making it easier for partners to deliver security services to their customers:

• For partners who want to build their own SOC or managed detection and response (MDR) service, we are pleased to announce streaming APIs from Microsoft Defender for Business to enable advanced hunting and attack detection. Available in preview in Defender for Business standalone and as part of Microsoft 365 Business Premium.
• With a 3.4 million-person global shortage in the cyber workforce, partners face staffing challenges as much as their customers do.⁶ For those partners who want to resell security services but do not have the resources to invest in an in-house SOC, we are pleased to announce integrations with leading MDR providers. For example, Blackpoint Cyber now offers both a round-the-clock cloud response MDR service for Microsoft 365 environments, including Microsoft 365 Business Premium, and a managed endpoint detection and response (EDR) service for Defender for Business customers. 
• We’re extending mobile protection to SMB customers who may not have a mobile device management solution with Mobile threat defense for standalone Defender for Business customers—now generally available. The new Defender for Business monthly summary report will show threats prevented, current status from Microsoft Secure Score and recommendations, and will help partners to show value to customers.

For details on our SMB-focused announcements, read our Tech Community blog post.

Expanding comprehensive security with product innovations

We continue to offer one of the most comprehensive security solutions in the market and power it with world-class global threat intelligence. Today we announced the following innovations:

• Microsoft Sentinel: To simplify budgeting, billing, and cost management, the Microsoft Sentinel price now includes the Azure Monitor Log Analytics price. To learn more, read the announcement blog.
• Microsoft Defender Experts for XDR: A new managed service gives customers step-by-step guidance to respond to incidents, receive expertise when they need it, and stay ahead of emerging threats.
• Microsoft Purview Insider Risk Management: With the new bring-your-own-detections capabilities, partners can help their customers create custom indicators by bringing in detections from non-Microsoft sources, such as a customer relationship management system like Salesforce or a developer tool like GitHub.
• Microsoft Defender for Cloud Apps: The new open app connector platform makes it easier for partners to plug their solutions into our platform. New API connectors include the preview of Asana and Miro as well as the general availability of software as a service security posture management capabilities for DocuSign, Citrix, Okta and GitHub.
• Microsoft Defender for Endpoint: The settings management experience is now natively embedded into Microsoft Defender for Endpoint for Windows, Linux, and macOS, removing dependencies on Microsoft Intune and the need to switch between portals.
• Microsoft Defender Threat Intelligence: Graph APIs now enable simple exporting and ingestion of data to Microsoft Defender, Microsoft Sentinel, and third-party applications.
• Microsoft Purview eDiscovery: Now generally available, the Microsoft Graph eDiscovery Export API will enable external applications and partners to integrate the eDiscovery export function through scripting.
• Microsoft Purview Information Protection: With this update, confidential and highly sensitive Excel files that are labeled and protected by Microsoft Purview Information Protection can continue to be protected when imported into Microsoft Power BI datasets and reports throughout their lifecycle. Additionally, documents in SharePoint and OneDrive now support labeled and encrypted documents with user-defined permissions. Co-authoring for Word, Excel, and PowerPoint apps now enables document owners to define permissions for people who can have access to shared sensitive documents that are encrypted.
• Microsoft Purview Data Loss Prevention: Microsoft Purview Data Loss Prevention introduces a new capability to allow security teams to create policies that prevent their users from pasting sensitive data to specific websites or web applications.
• Microsoft Defender for External Attack Surface Management: With External Attack Surface Management, you can leverage new data connections to seamlessly integrate your attack surface data into other Microsoft solutions, including Azure Data Explorer and Log Analytics. These data connections will help you supplement workflows with new insights, which will enable you make informed security decisions based on more comprehensive information.

We have been innovating rapidly across the entire Microsoft Security portfolio. In case you missed them, here are a few of our most recent announcements.

• Two new Security Service Edge solutions: Microsoft Entra Internet Access helps protect access against malicious traffic and threats from the open internet. Microsoft Entra Private Access helps secure access to private apps and resources from any device and network.
• Microsoft Azure Active Directory is now Microsoft Entra ID: To unify our product family, we changed the name of Microsoft Azure Active Directory to Microsoft Entra ID.
• Microsoft Intune Suite: In March 2023, we launched the Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The suite’s AI-powered automation empowers IT and security teams to move simply and quickly from reactive to proactive in addressing security challenges.
• Adaptive Protection in Microsoft Purview: In early 2023, we launched Adaptive Protection in Microsoft Purview. This new capability dynamically updates data loss prevention controls and policies, turning them to individual users and helping customers identify and mitigate the most critical risks. This saves security teams valuable time while ensuring better data security. Learn more about the features and benefits of Adaptive Protection.
• Microsoft Sentinel reduces investigation time by 88 percent: This year, we unveiled a new context-focused incident investigation experience for Microsoft Sentinel that enables security analysts to reduce their investigation time by up to 88 percent.⁷ We also delivered the ability to automatically disrupt in-progress attacks in Microsoft 365 Defender to help customers prevent devasting breaches. 

2023 Security Partner of the Year Awards

We are excited to announce our 2023 Security Partner of the Year Award winners.

Security Partner of the Year: BDO Digital

BDO Digital is a global company that offers detection, automation, and reduction of overall cybersecurity risks. Many of BDO’s clients’ legacy tools were not equipped to deal with modern infrastructure, and internal security teams did not have the bandwidth to monitor and triage security events. BDO helped improve its clients’ cybersecurity posture by reducing actionable alerts by over 50 percent.

Compliance Partner of the Year: Epiq

Epiq offers advanced data security technology solutions, such as a unique Chat Connector for Microsoft Teams that allows legal teams to effectively assess data for relevant and privileged content. 

Building securely together

As we all consider what we can accomplish with AI now and in the future, I cannot overstate the importance of end-to-end security. This is exactly where we recommend you start with your customers. Help them strengthen their security posture now so that when they deploy AI, they are not vulnerable to attacks. AI solutions will only ever be as strong as their underlying security.

As with any product design, we hold ourselves to high security standards when building, developing, and deploying AI-powered solutions from platforms to applications to processes. We maintain rigorous responsible AI practices, aimed at understanding and mitigating harms, measuring the quality of responses, and fostering a continuous learning environment from customer feedback. A cornerstone of these standards is our commitment to developing solutions that are “secure by design and secure by default.” However, it is important to note that the robustness of security is significantly enhanced when users actively manage and maintain it. Our focus extends to ensuring robust control over data, meaning it won’t be used to train AI models without explicit permission. We advocate for our partners to adhere to these benchmarks while crafting and implementing AI-based offerings for customers—whether the aim is to enhance productivity, automate a business process, or safeguard against threats.

Connect with us at Microsoft Inspire 2023

Microsoft Inspire 2023 is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem. If you haven’t registered, there’s still time to reserve your complimentary spot. There, you’ll hear strategies to prepare your organization for AI with comprehensive security and security posture. Hope to see you in these sessions!

• “Springboard customers into the era of AI with end-to-end security” (FS106): This session will spotlight how AI will transform technology for our customers and their security practices. You can also join a live Q&A with the experts.
• “Investments Microsoft is making to accelerate your security business” (ODBRK117): Learn the latest opportunities to expand the offerings of existing customers over the next 12 months with Microsoft Security.
• “Take advantage of the expanding opportunity with end-to-end security” (OD130): Explore how Microsoft Security’s end-to-end solution helps you get ready and get your customers to fully leverage the massive opportunity in the security market.  
• “Securing the channel: protecting customers’ digital transformation” (OD131): Find out more about Microsoft’s vital role in addressing increasing cyberattacks in hybrid and remote work environments, while also hearing of the role of partners in proactively securing customers’ digital transformation.
• “Bridging the cybersecurity gap: security training for partners” (OD132): In this Level 400 session, you’ll experience a new gamified learning simulation that makes Microsoft Security solutions real for you and your teams through interactive scenarios. 
• “Build Your Security Practice” (OD142): Explore how partners can grow revenue and profitability with managed security services with Microsoft 365 Business Premium and Microsoft Defender for Business. We will discuss key SMB trends, new product innovations, and resources to help partners develop successful security service offerings.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft internal data.

²Internet Crime Report, Federal Bureau of Investigation. 2022.

³The Partner Opportunity For Microsoft Security, Forrester. July 2023.

⁴Gartner® Market Guide for Managed Detection and Response Services, Pete Shoard, Al Price, Mitchell Schneider, Craig Lawson, Andrew Davies. February 14, 2023. 

⁵The Devastating Impact of Ransomware Attacks on Small Businesses, Quinn Cleary. April 4, 2023.

⁶2022 Cybersecurity Workforce Study, (ISC)². 2022.

⁷The Total Economic Impact™ Of Microsoft SIEM And XDR, Forrester. August 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

The post Microsoft Inspire: Partner resources to prepare for the future of security with AI appeared first on Microsoft Security Blog.

In the new world of hybrid work, regulatory compliance has become a board-level directive. Local and global regulations dictate how to manage, store, and transmit data, making compliance more critical than ever before. However, to adhere to these regulatory standards, risks need to be identified and mitigated, and data needs to be governed according to policy. Embarking on this journey will provide additional valuable outcomes, like:

• Providing you with fast access to requested data in the event of an external or internal investigation or legal action.
• Protecting company data as the workplace evolves is especially important given the growing use of personal devices for work and the increase in employees accessing company networks from outside the physical office for some or most of their week.
• Acting as good stewards—Chief Information Security Officers (CISOs) feel a sense of duty to protect their employees, partners, and customers to the best of their ability.

Microsoft’s compliance journey has given us insights and best practices that we can share with other organizations determined to strengthen their compliance management practices. Planning for the unexpected events that inevitably occur means aligning your people, processes, and technology. Here are five things we’ve learned along our compliance path—and stories of what’s worked for customers.

Assess your compliance posture

It’s difficult, if not impossible, to know if you’re headed in the right direction without knowing your current position. So, where do you start? Compliance management has gone from a nice to have to a must-have for organizations, which have huge a incentive to strengthen their compliance management practices. Keeping track of all the regulations they’re responsible for, however, can be challenging, especially for those companies in regulated industries, like financial services or healthcare. Maintaining a good compliance posture can help you avoid penalties, negative publicity, fines, and financial losses. Given how quickly regulations change, this can be a big challenge. And manually tracking compliance issues in spreadsheets often isn’t sufficient. As a first step, we recommend assessing the current state of your compliance with a visual tool that helps measure where you are today, and allows you to track your collective progress over time.

Broaden your idea of compliance

When people hear the term “compliance,” many instantly think about regulatory compliance. Understandably so, because regulations like the California Consumer Protection Act (CCPA) and General Data Protection Regulation (GDPR) receive a lot of press and attention. But as mentioned earlier, compliance goes way beyond regulations.

Compliance management can even lead to innovation. Customers tell us they feel free to adapt the way they operate in response to customer trends. Visionary Wealth Advisors, a financial management firm in the United States, wanted to allow customers to communicate with the company via text messaging but needed to manage that data securely for compliance reasons. Visionary Wealth Advisors was able to maximize security and compliance with Microsoft Purview Data Lifecycle Management and CellTrust SL2.

“A central pain point is that the client doesn’t understand the regulatory environment that we operate in,” said Ryan Barke, Chief Compliance Officer and General Counsel, Visionary Wealth Advsiors. “They just want to communicate with their financial advisor, and the financial advisor wants to communicate with the client. We can have a policy that says, advisors, you’re prohibited from text messaging with your clients but we cannot control the other end of that communication.”

Involve everyone

Data breaches are accelerating—climbing 68 percent in 2021, costing an average of USD4.24 million each.¹ Insider leaks of sensitive data, intellectual property (IP) theft, and fraud can all detrimentally impact a company. So, too, can regulatory violations, but CISOs may be so focused on data protection that data compliance doesn’t get as much attention. What we have learned on our journey is that compliance isn’t a CISO’s burden to bear alone. Multiple Microsoft executives were involved in meeting compliance regulations and obligations. People across Microsoft had to have a hand in compliance to drive the process.

Involving multiple leaders makes sense given how people throughout an organization will benefit from what strong compliance management makes possible. The City of Marion in Australia deployed Microsoft Purview Records Management to better manage the data collected from the 90 services it provides. As a result, city staff has become more engaged with the process of creating and handling information. They can organize themselves and their workflows in Microsoft Teams, set up SharePoint sites, create and link information, create their own Power BI reports, configure workflows, and connect varied information much easier.

“It helps our small team get lots of stuff done, and we don’t need to worry so much about compliance anymore,” said Karlheins Sohl, Information Management Team Leader, City of Marion. “We can trust the system to help take care of that, while we’re freed to focus on the quality of information and the service we provide to the City of Marion staff.”

Discover data and identify risks

In the event of legal action, a merger or acquisition, or an internal or external investigation, technology solutions can help you more efficiently find the relevant data you need. With the proliferation of data, that’s more important than ever.

The sheer volume of data can make this challenging. Technology solutions like Microsoft Purview eDiscovery can help you save time and money on tracking down data.

Through a solution like Microsoft Purview Communication Compliance, organizations can reduce risks related to regulatory compliance obligations.  

Simplify and automate compliance

Effective technology solutions have a wonderful way of simplifying complex processes—and often the workdays of those responsible for managing those processes. Multiple solution providers can complicate already challenging compliance processes and result in a fragmented, inefficient approach. Choosing a comprehensive solution, like Microsoft Purview, can help by continuously monitoring for compliance changes and automating the update process.

Texas-based Frost Bank must follow numerous banking regulations and employees recognize the importance of complying with them—“Compliance is like drinking coffee in the morning,” says Edward Contreras, CISO, Frost Bank. Keeping up with all of those regulations proved challenging before adopting Microsoft Purview Compliance Manager, which updates daily, adding at least 200 updates from more than 1,000 regulatory bodies and enabling the bank to create detailed reports for regulators and auditors.

“Compliance Manager took the mystery out of regulatory compliance for us,” said Glenn McClellan, Endpoint Architect, Frost Bank. “The solution provides improvement actions, excerpts from relevant regulations, and overall, made managing compliance really easy and actionable.”

Explore Microsoft Purview

Effective compliance and risk management are extremely important, and are possible. Microsoft is here to help if you’re looking to simplify your compliance management with technology solutions.

Microsoft Purview is a comprehensive set of compliance and risk management solutions that help organizations govern, protect, and manage data, and improve your company’s risk and compliance posture. These solutions include Microsoft Purview eDiscovery, which helps you discover, preserve, collect, process, cull, and analyze your data in one place; Microsoft Purview Compliance Manager, which helps you simplify compliance and reduce risk; and Microsoft Purview Communication Compliance, which helps foster compliant communications across corporate mediums. We’d love to offer support on your journey.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹Cost of a Data Breach Report 2021, Ponemon Institute, IBM. 2021.

The post Discover 5 lessons Microsoft has learned about compliance management appeared first on Microsoft Security Blog.

Microsoft Purview is a portfolio of solutions for information protection, data governance, risk management, and compliance that enables organizations to effectively manage their data all from one place. It provides enhanced visibility that organizations can leverage across their environment to help close gaps that can lead to data exposure, simplify tasks through automation, stay up-to-date with regulatory requirements, and keep their most important asset—their data—secured. Partners play a critical role in helping customers manage their entire data estate. We’ve invested in connectors, APIs, and extensibility to support partners and help customers manage their data. 

Microsoft Purview product announcements

Today, we are excited to announce the general availability of the new Microsoft Graph APIs for Microsoft Purview eDiscovery. With the new Microsoft Purview eDiscovery APIs, organizations can leverage automation to streamline common, repetitive workflows that require a lot of manual effort in the product experience.

Customers and partners find automation and extensibility of eDiscovery workflows critically important because of the ability to reduce the potential for human error in highly sensitive workflows. For example, efficiently managing repeatable, defensible processes is critical to managing risk for organizations that have significant requirements for litigation and investigation.

Here are some of the ways partners are building value-added solutions and services using our Microsoft Purview eDiscovery APIs:

Relativity integrates with Microsoft Purview eDiscovery (Premium)

Relativity, Microsoft’s Security ISV of the Year for 2022, shared that “using the right tools to put business’s data into action is essential for many eDiscovery and compliance use cases. RelativityOne integration with Microsoft Purview eDiscovery significantly expedites the eDiscovery review process, minimizes data copies across multiple platforms, facilitates third-party collaboration, and ultimately reduces costs while the data remains secure within the Microsoft cloud. Now is the time to benefit from RelativityOne’s integration with Microsoft’s Purview’s eDiscovery platform,” said Chris Izsak, Strategic Partnerships GTM Manager, Relativity.

BDO’s Athenagy integrates with Microsoft Purview eDiscovery

BDO’s Athenagy creates dashboards using both Microsoft Purview eDiscovery and RelativityOne. Their “patent-pending business intelligence dashboards now provide legal, IT, and compliance professionals a whole new level of data transparency and cost containment by surfacing up critical insights inside both Microsoft Purview eDiscovery—using the newly released Microsoft Purview eDiscovery APIs—and RelativityOne tied to legal hold, collect, preservation, processing, and review for every investigation, compliance, and litigation matter,” said Daniel Gold, inventor of Athenagy and managing director of E-Discovery Managed Services, BDO.

Epiq Global integrates with Microsoft Purview eDiscovery

Epiq leverages Microsoft Purview eDiscovery APIs to create an end-to-end eDiscovery workflow. “Utilizing the Microsoft Purview eDiscovery APIs allows us to automate within Microsoft Purview to use inputs from our customer’s existing legal hold system of record to seamlessly orchestrate an end-to-end workflow including sending hold notices, preserving data in place, and performing searches, collections, and exports. When updates are made in the system of record, the changes are propagated directly to the appropriate piece of eDiscovery to ensure parity. An automated solution eliminates human error, reduces administrative costs, and ensures that eDiscovery processes are in sync with your issuance of legal holds,” said Jon Kessler, Vice President of Information Governance Services, Epiq.

Lighthouse integrates with Microsoft Purview eDiscovery

Lighthouse uses Microsoft Purview eDiscovery APIs to create “a rich and intuitive user experience, taking advantage of custodian data mapping, in-place preservation, modern attachment retrieval, and advanced culling. Our automation and orchestration solution is designed to improve user efficacy with job failure oversight, completion notification, and automatic provisioning and management of Azure storage containers. Clients embracing this solution benefit from automation and orchestration to fully leverage Purview Premium eDiscovery’s apps securely and at scale,” said John Collins, Director of Advisory Services, Lighthouse (winner of the Compliance and Privacy Trailblazer award for 2022).

Growth opportunities for partners

The opportunity for our partners who invest in the Microsoft compliance ecosystem continues to grow. Our partners are finding success by building value-added solutions and services around Microsoft’s solutions at an increasing rate. For example, partners are creating solutions that connect disparate information repositories for enterprise-wide compliance initiatives.

Microsoft partners continue to have the ability to participate in our successful go-to-market program, the partner build-intent workshops. These workshops cover the Microsoft Security portfolio and help drive customer success with Microsoft products and partner services through prescriptive scenarios that address the top pain points of our customers. These workshops have been updated to give partners the ability to uncover additional opportunities leveraging the most up-to-date tools and solutions. Discover all our partner workshops and get started with unlocking opportunities and value with your customers.

How Microsoft supports the partner ecosystem

The Microsoft Purview platform enables our customers and partners to adapt, extend, integrate, and automate information protection, data governance, risk management, and compliance scenarios. These capabilities are enabled through our investments in these key building blocks:

Microsoft Purview APIs: We are constantly expanding our API surface area. With our investments in Microsoft Graph APIs we currently enabling extensibility scenarios across Purview Information Protection, Purview Data Lifecycle Management, Purview eDiscovery, Purview Audit, and more. Partners are using these APIs to build value-added services and solve unique customer scenarios.

Microsoft Purview Data Connectors: To enable high-fidelity data ingestion—including sources such as Slack, Zoom, and WhatsApp, we have partnered with Veritas, TeleMessage, 17a-4, and CellTrust to deliver more than 70 ready-to-use connectors. Our extensibility push provides more opportunities for partners to join this connector ecosystem.

Microsoft Purview Data Catalog: Microsoft Purview’s unified data governance capabilities help with managing on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview Data Catalog supports multicloud data classification and covers data repositories such as Azure Cosmos DB and Amazon Web Services (AWS) S3 buckets. There is also an Atlas Kafka API that facilitates extensibility scenarios for our partners and customers.

Microsoft Purview Compliance Manager: With universal templates, we help partners and customers extend compliance management capabilities to non-Microsoft environments.

Power Automate integrations: Microsoft Purview solutions including Microsoft Purview Data Lifecycle Management, Insider Risk Management, and Communication Compliance have built-in Power Automate integrations. This offers unique opportunities for our partners and customers to streamline and automate workflows and business scenarios.

Another way Microsoft supports the ecosystem is through the Microsoft Intelligent Security Association (MISA). MISA is an ecosystem of independent software vendors and managed service providers that have integrated their products and services with Microsoft’s security technology. Over the last year, MISA has extended its qualifying products to include a broad range of Microsoft Purview and Microsoft Priva products. MISA offers members co-marketing benefits and the opportunity to deepen their technology integrations and relationship within the Microsoft security ecosystem. MISA offers members co-marketing benefits and the opportunity to deepen their technology integrations and relationship within the Microsoft security ecosystem.

Partner with Microsoft Purview

Here are a few ways that partners can join the Microsoft Purview ecosystem:

• For more information, check out the Microsoft Purview partner transform page.
• Explore the many opportunities for the partner ecosystem with Microsoft Purview.
• Reach out to our partners and explore their solutions.
• Check out our Microsoft Security Inspire blog post to learn more about how partners can help customers on the Microsoft platform.
• Get started with unlocking opportunities and value with your customers at our Partner Network.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post How Microsoft Purview and Priva support the partner ecosystem appeared first on Microsoft Security Blog.

New capabilities help you manage eDiscovery in Microsoft Teams including the ability to apply legal hold to files and messages in private Teams channels. In addition, eDiscovery for Yammer is generally available today, while Advanced eDiscovery for Yammer is now available in public preview.

To learn more about all the new updates for eDiscovery in Microsoft 365, read Managing eDiscovery for modern collaboration.

The post New capabilities for eDiscovery now available appeared first on Microsoft Security Blog.

• New capabilities for Microsoft 365 E5 and E5 Compliance, such as the new Office 365 Advanced Message Encryption feature, data investigation capabilities, Microsoft Teams compliance features, and a new Advanced eDiscovery experience.
• The ability to use Compliance Manager to get automated updates of security controls and create your own assessments—including on-premises and non-Microsoft applications—against any regulation or standard, so you can manage compliance across data assets in a unified way.

To learn more about these updates, read Grow and protect your business with more privacy controls from Microsoft 365.

The post Updates for Microsoft 365 help strengthen data privacy appeared first on Microsoft Security Blog.